RE: Clicktilluwin DLDER Trojan

["Michael Watson" <mmwatson () peoplepc com>]

hey. i had the latest kazaa installed on my computer and it gave me that
dlder trojan. also, for some time, when kazaa was starting when window
booted, in the upper left corner on my screen was a small gray box that
wouldn't respond to anything. after i stopped kazaa.exe in my system
processes, it went away. also, that dlder.exe was a pain in the ass to get
rid of.

something weird is going on. maybe the limeware and kazaa people got hacked
and someone is having a little fun, or maybe they are intentionally doing
this for some reason. isn't there some kind of legal way for this to be
stopped? id sue for all the crap i had to go thru just to get everything
working again.

im using w2k also.




-----Original Message-----
From: jon () kirkbrideonline com [mailto:jon () kirkbrideonline com]
Sent: Monday, December 31, 2001 10:04 AM
To: vuln-dev () securityfocus com
Subject: Clicktilluwin DLDER Trojan



In-Reply-To: <20011230032402.5229.qmail () mail securityfocus com>

I found this vulnerability in the latest Limewire 2.0.2
gnutella client download. This crap gets installed
whether you like it or not. On my WinXP machine, it
was running a new service called bargains.exe that
was located in c:\program files\bargain buddy. The
dlder.exe file resides in C:\windows. I deleted the files
before I looked at their content but there appeard to
be some DB type files in the folder. Norton's latests
pattern files (12/29) will detect the dlder.exe file but
there's no info on their website about it yet. Anyone
have a handle on what this thing is doing?